Vulnerabilities > Jenkins > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-08-16 CVE-2023-40349 Improper Initialization vulnerability in Jenkins Gogs
Jenkins Gogs Plugin 1.0.15 and earlier improperly initializes an option to secure its webhook endpoint, allowing unauthenticated attackers to trigger builds of jobs.
network
low complexity
jenkins CWE-665
5.3
2023-08-16 CVE-2023-40350 Cross-site Scripting vulnerability in Jenkins Docker Swarm 1.11
Jenkins Docker Swarm Plugin 1.11 and earlier does not escape values returned from Docker before inserting them into the Docker Swarm Dashboard view, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control responses from Docker.
network
low complexity
jenkins CWE-79
5.4
2023-08-16 CVE-2023-40351 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Favorite View
A cross-site request forgery (CSRF) vulnerability in Jenkins Favorite View Plugin 5.v77a_37f62782d and earlier allows attackers to add or remove views from another user's favorite views tab bar.
network
low complexity
jenkins CWE-352
4.3
2023-07-26 CVE-2023-3414 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Servicenow Devops
A cross-site request forgery vulnerability exists in versions of the Jenkins Plug-in for ServiceNow DevOps prior to 1.38.1 that, if exploited successfully, could cause the unwanted exposure of sensitive information. To address this issue, apply the 1.38.1 version of the Jenkins plug-in for ServiceNow DevOps on your Jenkins server.
network
low complexity
jenkins CWE-352
6.5
2023-07-26 CVE-2023-39151 Cross-site Scripting vulnerability in Jenkins
Jenkins 2.415 and earlier, LTS 2.401.2 and earlier does not sanitize or properly encode URLs in build logs when transforming them into hyperlinks, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control build log contents.
network
low complexity
jenkins CWE-79
5.4
2023-07-26 CVE-2023-39152 Always-Incorrect Control Flow Implementation vulnerability in Jenkins Gradle 2.8
Always-incorrect control flow implementation in Jenkins Gradle Plugin 2.8 may result in credentials not being masked (i.e., replaced with asterisks) in the build log in some circumstances.
network
low complexity
jenkins CWE-670
6.5
2023-07-26 CVE-2023-39153 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Gitlab Authentication
A cross-site request forgery (CSRF) vulnerability in Jenkins GitLab Authentication Plugin 1.17.1 and earlier allows attackers to trick users into logging in to the attacker's account.
network
low complexity
jenkins CWE-352
5.4
2023-07-26 CVE-2023-39154 Incorrect Authorization vulnerability in Jenkins Qualys web APP Scanning Connector
Incorrect permission checks in Jenkins Qualys Web App Scanning Connector Plugin 2.0.10 and earlier allow attackers with global Item/Configure permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
network
low complexity
jenkins CWE-863
6.5
2023-07-26 CVE-2023-39155 Exposure of Resource to Wrong Sphere vulnerability in Jenkins Chef Identity
Jenkins Chef Identity Plugin 2.0.3 and earlier does not mask the user.pem key form field, increasing the potential for attackers to observe and capture it.
network
low complexity
jenkins CWE-668
5.3
2023-07-26 CVE-2023-39156 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Bazaar
A cross-site request forgery (CSRF) vulnerability in Jenkins Bazaar Plugin 1.22 and earlier allows attackers to delete previously created Bazaar SCM tags.
network
low complexity
jenkins CWE-352
5.3